Difference between revisions of "Trusting self-reported IP address"

 
(Related Controls)
 
(9 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
{{Template:Vulnerability}}
 +
{{Template:SecureSoftware}}
  
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
{{Template:SecureSoftware}}
+
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
  
==Overview==
+
==Description==
  
 
The use of IP addresses as authentication is flawed and can easily be spoofed by malicious users.
 
The use of IP addresses as authentication is flawed and can easily be spoofed by malicious users.
  
==Consequences ==
+
'''Consequences'''
  
* Authentication: Malicious users can fake authentication information, impersonating any IP address
+
* Authentication: Malicious users can fake authentication information, impersonating any IP address
  
==Exposure period ==
+
'''Exposure period'''
  
* Design: Authentication methods are generally chosen during the design phase of development.
+
* Design: Authentication methods are generally chosen during the design phase of development.
  
==Platform ==
+
'''Platform'''
  
* Languages: All
+
* Languages: All
 +
* Operating platforms: All  
  
* Operating platforms: All
+
'''Required resources'''
 
+
==Required resources ==
+
  
 
Any
 
Any
  
==Severity ==
+
'''Severity'''
  
 
High
 
High
  
==Likelihood   of exploit ==
+
'''Likelihood of exploit'''
  
 
High
 
High
  
==Avoidance and mitigation ==
+
As IP addresses can be easily spoofed, they do not constitute a valid authentication mechanism. Alternate methods should be used if significant authentication is necessary.
  
* Design: Use other means of identity verification that cannot be simply spoofed.
+
==Risk Factors==
  
==Discussion ==
+
TBD
  
As IP addresses can be easily spoofed, they do not constitute a valid authentication mechanism. Alternate methods should be used if significant authentication is necessary.
+
==Examples==
 
+
==Examples ==
+
  
 
In C/C++:
 
In C/C++:
  
 +
<pre>
 
sd = socket(AF_INET, SOCK_DGRAM, 0);
 
sd = socket(AF_INET, SOCK_DGRAM, 0);
 
serv.sin_family = AF_INET;
 
serv.sin_family = AF_INET;
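Review bot: With the "Avoidance and mitigation" and "Discussion" headings removed, the paragraph "As IP addresses can be easily spoofed, ..." now sits directly under "Likelihood of exploit" and reads as part of that field. Give it its own heading or move it under "Related Controls". The added "Risk Factors" section contains only "TBD"; fill it in or leave the heading out until there is content.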
Line 57: Line 58:
 
               (struct sockaddr *) & cli, &clilen);
 
               (struct sockaddr *) & cli, &clilen);
 
}
 
}
 +
</pre>
 +
 
In Java:
 
In Java:
  
 +
<pre>
 
while(true) {
 
while(true) {
 
   DatagramPacket rp=new DatagramPacket(rData,rData.length);
 
   DatagramPacket rp=new DatagramPacket(rData,rData.length);
Line 74: Line 78:
 
   }   
 
   }   
 
}
 
}
==Related problems ==
+
</pre>
  
* Trusting self-reported DNS name
 
  
* Using the referer field for authentication
+
==Related [[Attacks]]==
  
==Categories ==
+
* [[Attack 1]]
 +
* [[Attack 2]]
  
[[Category:Vulnerability]]
 
  
 +
==Related [[Vulnerabilities]]==
 +
 +
* [[Trusting self-reported DNS name]]
 +
* [[Using the referer field for authentication]]
 +
 +
 +
 +
==Related [[Controls]]==
 +
 +
* Design: Use other means of identity verification that cannot be simply spoofed.
 +
 +
==Related [[Technical Impacts]]==
 +
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
 +
 +
 +
==References==
 +
 +
TBD
 +
[[Category:FIXME|add links
 +
 +
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 +
 +
Availability Vulnerability
 +
 +
Authorization Vulnerability
 +
 +
Authentication Vulnerability
 +
 +
Concurrency Vulnerability
 +
 +
Configuration Vulnerability
 +
 +
Cryptographic Vulnerability
 +
 +
Encoding Vulnerability
 +
 +
Error Handling Vulnerability
 +
 +
Input Validation Vulnerability
 +
 +
Logging and Auditing Vulnerability
 +
 +
Session Management Vulnerability]]
 +
 +
__NOTOC__
 +
 +
 +
[[Category:OWASP ASDR Project]]
 +
[[Category:Vulnerability]]
 
[[Category:Protocol Errors]]
 
[[Category:Protocol Errors]]
 +
[[Category:OWASP_CLASP_Project]]
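Review bot: The added "Related [[Attacks]]" and "Related [[Technical Impacts]]" sections still hold the template placeholders "[[Attack 1]]", "[[Attack 2]]", "[[Technical Impact 1]]" and "[[Technical Impact 2]]", and the "[[Category:FIXME|add links" block carries the template's instructions and the full subcategory list instead of a chosen subcategory. Replace the placeholders with real links or drop them, select the one subcategory that applies (the description concerns authentication), and fill in "References", which is still "TBD".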

Latest revision as of 16:11, 28 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 02/28/2009

Description

Using IP addresses as authentication is flawed, because an IP address can easily be spoofed by malicious users.

Consequences

  • Authentication: Malicious users can fake authentication information, impersonating any IP address

Exposure period

  • Design: Authentication methods are generally chosen during the design phase of development.

Platform

  • Languages: All
  • Operating platforms: All

Required resources

Any

Severity

High

Likelihood of exploit

High

As IP addresses can be easily spoofed, they do not constitute a valid authentication mechanism. Alternate methods should be used if significant authentication is necessary.

Risk Factors

TBD

Examples

In C/C++:

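sd = socket(AF_INET, SOCK_DGRAM, 0);
serv.sin_family = AF_INET;
serv.sin_addr.s_addr = htonl(INADDR_ANY);
serv.sin_port = htons(1008);
bind(sd, (struct sockaddr *) &serv, sizeof(serv));
while (1) {
  memset(msg, 0x0, MAX_MSG);
  clilen = sizeof(cli);
  /* recvfrom() fills cli with the source address carried in the datagram */
  n = recvfrom(sd, msg, MAX_MSG, 0,
              (struct sockaddr *) &cli, &clilen);
  /* Vulnerable: that address is chosen by the sender, yet it is the only check */
  if (inet_ntoa(cli.sin_addr)==...) {
    /* msg is treated as coming from an authenticated client */
  }
}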

In Java:

while(true) {
  DatagramPacket rp=new DatagramPacket(rData,rData.length);

  outSock.receive(rp);
  String in = new String(rp.getData(),0, rp.getLength());
  // Source address and port are read from the packet, i.e. reported by the sender
  InetAddress IPAddress = rp.getAddress();
  int port = rp.getPort();

  // Vulnerable: the secret is released based on the self-reported address
  if ((rp.getAddress()==...) && (in==...)){
    out = secret.getBytes();
    DatagramPacket sp =new DatagramPacket(out,out.length,
      IPAddress, port);
    outSock.send(sp);
  }
}


Related Attacks


Related Vulnerabilities


Related Controls

  • Design: Use other means of identity verification that cannot be simply spoofed.
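
One way to apply this control to the UDP services shown above, as an added example that is not part of the original OWASP page: the server ignores the source address and accepts a datagram only if it carries a valid HMAC-SHA256 tag and a fresh counter. The pre-shared key, the wire layout (8-byte counter, payload, 32-byte tag), the address 192.0.2.10 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32                 # HMAC-SHA256 output size
ALLOWED_IP = "192.0.2.10"    # constructed example address (documentation range)

def ip_check(src_addr):
    """The flawed check from the page: trust the address field of the datagram."""
    return src_addr[0] == ALLOWED_IP

def seal(key, counter, payload):
    """Client side: counter || payload || HMAC(key, counter || payload)."""
    body = struct.pack("!Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Verifier:
    """Server side: authenticate the datagram itself, not its claimed origin."""
    def __init__(self, key):
        self.key = key
        self.last_counter = -1

    def open(self, datagram):
        if len(datagram) < 8 + TAG_LEN:
            return None                      # too short to hold counter and tag
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # sender does not hold the key
        (counter,) = struct.unpack("!Q", body[:8])
        if counter <= self.last_counter:
            return None                      # replayed or stale datagram
        self.last_counter = counter
        return body[8:]

def demo():
    key = os.urandom(32)     # shared secret, provisioned out of band (assumption)
    server = Verifier(key)
    genuine = seal(key, 1, b"get secret")
    forged = seal(os.urandom(32), 2, b"get secret")   # built without the key
    claimed_src = (ALLOWED_IP, 40000)  # constructed: value a sender wrote in the header
    return {
        "ip_check_on_forged": ip_check(claimed_src),  # address check alone passes
        "genuine": server.open(genuine),
        "forged": server.open(forged),
        "replay": server.open(genuine),               # same datagram sent again
    }

if __name__ == "__main__":
    print(demo())
```

The counter check assumes in-order delivery from a single client; a server with several clients would keep one key and one counter per client identity.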

Related Technical Impacts


References

TBD